Question

我使用此库：Oauth2 PHP

我找不到更改到期时间的设置，我试过了：

new OAuth2\Server($this->_mem, array('use_jwt_access_tokens' => true, 'access_token_lifetime' => 2419200));

但令牌的生命周期总是3600.什么是正确的设置？

修改：根据建议，我尝试使用刷新令牌

new OAuth2\Server($this->_mem, array('use_jwt_access_tokens' => true, 'always_issue_new_refresh_token' => true));

client_credential grant type + JWT bearer工作但我从未获得刷新令牌（仅访问令牌）。即使在令牌验证时，我也从未获得刷新令牌。

修改：由于刷新对我不起作用，因为建议我尝试设置令牌过期时间

new OAuth2\Server($this->_mem, array('use_jwt_access_tokens' => true, 'access_lifetime' => 12000));

客户端凭证上的响应仍会返回短令牌

{ ["access_token"]=> string(648) "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpZCI6ImU0NjE0MzdhMjY2YjFkNWY0OWU5MDY5MjQwODg5NjU0MDI2ZGRmODAiLCJpc3MiOiIiLCJhdWQiOiI4OWM2MjRmNTNiYTVmOTM3NjFmZWFhNmU1MGI1ZDk1NGQ4ZGRjMTIxIiwic3ViIjpudWxsLCJleHAiOjE0MzQ0NjI2NDIsImlhdCI6MTQzNDQ1OTA0MiwidG9rZW5fdHlwZSI6ImJlYXJlciIsInNjb3BlIjoicHVibGljIHJlYWRfbmV3cyJ9.Mk_KyUk_8yPnq9eEjvgVOJXBOkQSifAPbEaUvY4X9WvfmImPnC7PJx_99ODpiJR_gMLhZ3gBl1gQEJ2z6xUZ83dntCYzGWumkVLNpJG8omuVkmZqNnbLYYXl-vzmGOblceeDrKw_lrXc4rb72BeFaMeZWwFV7YMrgA0LOsYyZmAiDblcbHtpPGpUd2EC3y7VxLnyA8u07eY4aswOHwClPlDwHX_HwfMUmDLWkoTcrRf1AvKn-cnj41eL0SU9AJHWab8AOK7lxDsaqnits5pXj--cG9hr8pWOsFPQ2D9qYOsMvbEOi4zDJEdaIp-qvzn6N5Wrm5GxdbU1AqwvM531hQ" ["expires_in"]=> int(3600) ["token_type"]=> string(6) "bearer" ["scope"]=> string(16) "public" }

看起来这是一个缓存问题，令牌现在设置为正确的到期时长/时间

Answer 1

您可以使用access_token access_lifetime配置参数来检查the code来更改OAuth2\Server生命周期。

access_lifetime配置参数用于在OAuth2\ResponseType\JwtAccessToken line 63中创建令牌：

$expires = time() + $this->config['access_lifetime'];

这可以在实例化服务器时设置，该服务器采用OAuth2\Server lines 109 - 126中列出的以下配置参数。

    // merge all config values.  These get passed to our controller objects
    $this->config = array_merge(array(
        'use_jwt_access_tokens'        => false,
        'store_encrypted_token_string' => true,
        'use_openid_connect'       => false,
        'id_lifetime'              => 3600,
        'access_lifetime'          => 3600,
        'www_realm'                => 'Service',
        'token_param_name'         => 'access_token',
        'token_bearer_header_name' => 'Bearer',
        'enforce_state'            => true,
        'require_exact_redirect_uri' => true,
        'allow_implicit'           => false,
        'allow_credentials_in_request_body' => true,
        'allow_public_clients'     => true,
        'always_issue_new_refresh_token' => false,
        'unset_refresh_token_after_use' => true,
    ), $config);

根据Server.php和JwtAccessToken.php的代码，还支持刷新令牌。

Answer 2

在server.php中（您要在其中传递授予类型和客户端凭据）

$config = array(
    'access_lifetime' => 86400
);
$server = new OAuth2\Server($storage, $config);

来源：https://github.com/bshaffer/oauth2-server-php/issues/699

OAuth2 PHP更改到期时间

2 个答案: